Archived TD0279: Ciphersuites for SRTP
The SBC and VVoIP EPs currently only include a single ciphersuite for use in SRTP. NSS customers would like the list of allowable ciphersuites expanded.
Updated 03/29/2018 to add AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568.
FCS_SRTP_EXT.1.2 is modified as follows:
FCS_SRTP_EXT.1.2 The TSF shall implement SDES-SRTP supporting the following ciphersuites [selection:
· AES_CM_128_HMAC_SHA1_80, in accordance with RFC 4568,
· AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568,
· AES_256_CM_HMAC_SHA1_80, in accordance with RFC 6188,
· AES_256_CM_HMAC_SHA1_32, in accordance with RFC 6188,
· AEAD_AES_128_GCM, in accordance with RFC7714,
· AEAD_AES_256_GCM, in accordance with RFC 7714].
Application Note: This requirement specifies that the SRTP session that will be used to carry the VoIP traffic will be keyed according to an SDES dialogue using one of the identified ciphersuites. The ST author should select any/all ciphersuites supported.
No change to the Assurance Activities is needed.
The additional ciphersuites included allow more flexibility and provide support for greater key lengths.